Anonymitaet commented on code in PR #16962: URL: https://github.com/apache/pulsar/pull/16962#discussion_r939918491
########## site2/docs/security-policy-and-supported-versions.md: ##########

@@ -14,6 +14,12 @@ https://pulsar.apache.org/docs/en/security-overview/. The Pulsar community will announce security vulnerabilities and how to mitigate them on the [[email protected]](mailto:[email protected]). For instructions on how to subscribe, please see https://pulsar.apache.org/contact/. +## Reporting Vulnerabilities + +The Pulsar community follows the ASF [vulnerability handling process](https://apache.org/security/#vulnerability-handling). + +To report a new vulnerability you have discovered please follow the [ASF vulnerability reporting process](https://apache.org/security/#reporting-a-vulnerability). Besides, you can send one plain-text email for each vulnerability to [[email protected]](mailto:[email protected]).

Review Comment:

If users are allowed / encouraged to send emails to `[email protected]` and `[email protected]`:

1. Why only add `[email protected]` to the guide (in this PR)?
2. When reporting a Pulsar security issue, is there any difference between `[email protected]` and `[email protected]`? Or can users report to any of them, since they are the same?
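Review bot: The last added sentence ("Besides, you can send one plain-text email for each vulnerability to ...") does not say how that address relates to the ASF vulnerability reporting process linked in the sentence before it, so a reporter cannot tell whether it is an alternative channel or an extra step. Suggest stating which channel is preferred and what each one is for, and replacing "Besides," with wording that makes the relationship explicit, for example "Alternatively, ...". The preceding sentence also needs a comma: "you have discovered, please follow".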
